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Method for Authorization. 

The present invention concerns a method for granting access. 

Computers and mobile telephones are currently used as 
equipment for carrying out transactions and for giving a 
signature of different types. Furthermore, computers are used 
to an ever greater .degree to collect information with 
different degrees of confidentiality. It is often sufficient 
to log in with a password or a PIN code in order to 
subsequently be able to carry out transactions or to handle 
information during a limited period. This means that a 

■ 

terminal may be open for unauthorised use if it is left 
unmonitored or if it is stolen within a certain time from the 
user having logged in. 

In order to prevent this, there are requirements for codes or 
for the use of a magnetic card or what is known as a "smart 
card" as a means of identification. One disadvantage of such 
systems is that the user often experiences these as awkward 
and as a result of this often seeks to exploit shortcuts, 
which reduces the level of security. 

One problem with codes is that these can be read by 
eavesdropping unless the information has been encrypted, 
which may create a demand for particular software, hardware 
or a password that is to be distributed such that it can be 
used by the user. 

The present invention solves this problem and offers a method 
in which the identity of a user can be established with high 
security. 
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The present invention thus relates to a method for granting 
access to devices such as computers, doors, vehicles or other 
arrangements to which access for a user is desired, 
comprising the transmission of a code over a short-range 
radio link, and it is characterised in that an access code 
(an ID-code) is transmitted from a central computer using 
radio waves to a radio terminal in the possession of the 
user,. in that the radio terminal is caused to transmit the 
said ID-code over the said short-range radio link to the said 
arrangement, in that the said arrangement or a transmitter 
unit in the said arrangement is caused to transmit the said 
ID-code to the said central computer, and in that the said 
computer is caused to compare the received code with the code 
that the computer transmitted to the radio terminal. 

The invention will be described in more detail below, 
partially in association with the embodiment of the invention 
shown in the attached drawing, where 

- Figure 1 shows a block diagram in order to illustrate the . 
invention. 

The present invention thus concerns a method for granting 
access for arrangements such as computers, doors, vehicles or 
other arrangements to which it is desired that a user have 
access. The invention will be described below in association 
with an example in which access to a computer is desired and 
an example in which access to a locked door is desired. 
However, the invention can be exploited for all arrangements 
to which it is desired to grant access, such as vehicles, 
telephones, etc. 

The method comprises the transmission to the arrangement of 
an ID-code over a short-range radio link. 
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According to the invention, an access code (an ID-code) is 
transmitted from a central computer 1 over radio waves to a 
radio terminal 3 in the possession of the user. The radio 
terminal may be, for example and preferably, a mobile 
telephone. It may, however, for certain applications be 
constituted by a communication radio of the type, for 
example, that is used by the rescue services. For the example 
in which the radio terminal is a mobile telephone, the 
transmission takes place over a telephone network 8, via a 
base station 7 to the telephone via radio 9. 

» 

Furthermore, the radio terminal 3 is caused to transmit the 
said ID-code over the said short-range radio link to the said 
arrangement 2, as is illustrated by means of the arrow 5. 

The said arrangement 2; 11, 12 or a transmitter unit in the 
said arrangement is thereafter caused to transmit the said 
ID-code to the said central computer 1 over a computer 
network 6, 10, 15. 

The said computer 1 is subsequently caused to compare the 
code that has been received with the code that the computer 
transmitted to the radio terminal. 

A circuit has in this way been created in which a transmitted 
code can be compared with a received code. In the case that 
the codes agree with each other, the central computer 1 can, 
in the next stage, be caused to transmit a second code to the 
arrangement 2 that makes it possible for the arrangement to 
be used in the manner intended by the user. 
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Since the central computer transmits an ID-code to a certain 
mobile telephone or other radio terminal, it can be assumed 
that the user of this mobile telephone is the person who 
transmits the code to the said arrangement over the said 
short-range radio link. Alternatively, the circuit thus can 
be used in such a manner that a registration of whether the 
codes agree is made, which in this way can be assumed to 
specify that the correct person is using the arrangement, or 
that the use of the arrangement is unauthorised. 

According to one preferred embodiment, the central computer 1 
is initiated to transmit an ID-code to the radio terminal 
through either the arrangement or the radio terminal 
transmitting a request for a code to the central computer 1. 
With respect to the arrangement, the request can be 
transmitted over the computer network 10, or, with respect to 
a mobile telephone, over the mobile telephone network 7, 8, 
9. 

It is naturally possible to initiate the said circuit at any 
freely chosen point, i.e. in the central computer 1, with the 
mobile telephone 3, or in the arrangement 2. 

According to one preferred design, the said short-range radio 
link is what is known as an "RFID M link of known type. Such 
links may work in two directions with two transmitting units 
and two receiving units, or they may work in one direction 
only such that one unit transmits an enquiry signal that is 
received by, modulated by, and reflected by the second part 
in the form or a transponder. The said ID-code can, for 
example, be transmitted in this manner by means of the 
modulation . 
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According to an alternative preferred embodiment, the said 
short-range radio link is what is known as a "Bluetooth" 
link. 

The said arrangement 2, 11 and the said radio terminal 3 have 
in both cases a transmitter/receiver unit 3, 4; 12 for the 
radio link. 

According to one preferred design, the said radio terminal is 
a mobile telephone comprising one part of the said short- 
range radio link. The radio terminal is preferably a mobile 
telephone with an integral Bluetooth function. 

A Bluetooth module is thus built into the arrangement 2, 11. 
It is also possible to use another radio technology such as 
WLAN (Wireless Local Area Network) . However, it is important 
that the range of the radio link can be made sufficiently 
short, independently of the technology used, in order to 
activate only the arrangements that are intended. 

According to one example, the said arrangement is a computer 
(2) or a computer terminal to which access is required. 

In this design, the user can request via the computer 2 a 
code from the central computer 1 in order to be able to use 
the computer 2. This request can contain the ID number of the 
user. The central computer 1 thus transmits a code to the 
mobile telephone 7 of the user, which subsequently transmits 
the code over the radio link 5 to the computer 2. The 
computer 2 transmits the code to the central computer 1. The 
central computer in this way receives confirmation that the 
correct code has been received by the computer, whereby the 
user can use the computer in the manner that is granted by 
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the said code. This may be a question of full or limited use, 
such as carrying out financial transactions. 

According to a second example, the said arrangement is a door 
11 or a gateway to which access is required such that it can 
be opened. In this case it is preferred that the said 
arrangement comprises a communicator 12 connected to the 
central computer 1, which communicator 12 is arranged to 
communicate with the said radio terminal 3 over a short 
distance using an RFID link or a bluetooth link. 

According to this example, it may be a question of rescue 
personnel being equipped with a radio terminal 3 in the form 
of a mobile telephone with an integral RFID link or bluetooth 
link 13. The communicator 12 is also equipped with such a 

i 

link. When a fire-fighter, for example, wishes to open the 
door, he rings to the central computer 1 over the telephone 
network 7, 8, 9 and transmits information about the door that 
is concerned. This can take place through a numerical 
designation or through another unique identity. 
Alternatively, the telephone 3 communicates through the said 
link with the communicator whereby the number of the mobile 
telephone is transmitted to the communicator 12. In the 
latter case, the information is transmitted from the 
communicator 12 to the central computer 1. In both cases, the 
central computer 1 subsequently transmits a code to the- 
mobile telephone that, once it has received the code, 
transmits it to the communicator 12 over the said link, 

■ 

whereby the door can be opened. 

It is clear that, both in the case with a computer 2 and in 
the case with a door 11, that the code can vary with time, in 
the case in which the central computer transmits the code to 
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the radio terminal 3 and to the arrangement 2; 11. Variation 
in time makes unauthorised use through eavesdropping of the 
code significantly more difficult. 

According to one preferred embodiment the arrangement 2; 11 
may be arranged to compare the codes received from the 
computer 1 and from the radio terminal 3. 

According to one preferred design, the code transmitted to 
the central computer comprises a network address belonging to 
the arrangement 2; 11. This means that the arrangement is 
identified for the central computer, and this not only 
facilitates the transmission of a code from the central 
computer 1 to the arrangement, it also increases the security 
in the system against unauthorised use. 

According to one design, the system can be used to ensure 
that, for example, the right people enter a meeting room. In 
this case, a person's transponder in the form of an RFID 
circuit or a bluetooth circuit in the mobile telephone of the 
person is read by a communicator at the door of the room. The 
communicator transmits to the central computer a code that 
refers to the transponder. The central computer transmits a 
temporary code to the mobile telephone of the person, which 
mobile telephone sends the code onwards to the central 
computer through the communicator. A circuit has in this way- 
been created, in which the central computer has information 
about the said temporary code, the person's mobile telephone 
number coupled to that code that was initially read, and the 
name of the person. 

According to another preferred embodiment the said code is 
used to encrypt information that is transmitted from the 
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arrangement to the central computer. The code can in this way 
comprise an encryption key. This further increases the 
' security against the unauthorised use of a code that has been 
read by eavesdropping. 

5 

According to a further preferred embodiment, the said 
arrangement 2; 11 comprises a reading arrangement 4; 12 in 
order to read biometric data from the said user and in order 
to cause the said arrangement 2; 11 to transmit biometric 

10 data to the central computer 1 . Such biometric data is 

transmitted to the central computer 1 for comparison with 
reference data previously stored in the central computer in 
order to further increase the security that it is the correct 
person that is using the radio terminal or the computer 2. 

15 The said reading arrangement 4; 12 for reading biometric data 
from the said user may be a reading arrangement known per se 
of suitable type, such as for reading fingerprints or the 
iris of the eye. 

20 A number of designs have been described above. It is, 

however, clear that the invention can be varied, for example 
with respect to the location at which the circuit is 
initiated and started, as can the number of different 
arrangements that form the said circuit be varied. 

25 

The present- invention, therefore, is not to be seen as . 
limited to the embodiments specified above, since the 
invention can be varied within the scope of the attached 
claims . 



